[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Freeipa-users] ATTN: CVE-2014-7828



Hi,

Heads up for those who are using 2FA feature of FreeIPA 4.0 and 4.1.
A security issue was identified in the released versions of FreeIPA 4.0
and 4.1 that makes possible for users with enabled OTP token to
authenticate using only the second factor.

We have a fix available already and will be doing releases for 4.0.5 and
4.1.1 tomorrow to get packages into Fedora 21, COPR repos, and Debian
Unstable.

In meantime, you can mitigate by disabling OTP authentication for the
users.

Sorry for inconvenience.

https://fedorahosted.org/freeipa/ticket/4690
--
/ Alexander Bokovoy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]